From c211e84498fb303b913e56a9f3aae7a838460aae Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Thu, 23 Jun 2022 14:09:25 +0200 Subject: [PATCH 1/2] :bug: Fix incorrect register-profile audit log handling --- backend/src/app/loggers/audit.clj | 2 +- backend/src/app/rpc.clj | 10 ++++++---- backend/src/app/rpc/mutations/profile.clj | 11 ++++++----- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/backend/src/app/loggers/audit.clj b/backend/src/app/loggers/audit.clj index 8b5a8c2ec..26e86a0aa 100644 --- a/backend/src/app/loggers/audit.clj +++ b/backend/src/app/loggers/audit.clj @@ -51,7 +51,7 @@ (defn profile->props [profile] (-> profile - (select-keys [:is-active :is-muted :auth-backend :email :default-team-id :default-project-id :fullname :lang]) + (select-keys [:id :is-active :is-muted :auth-backend :email :default-team-id :default-project-id :fullname :lang]) (merge (:props profile)) (d/without-nils))) diff --git a/backend/src/app/rpc.clj b/backend/src/app/rpc.clj index 9e53af92e..a737028ce 100644 --- a/backend/src/app/rpc.clj +++ b/backend/src/app/rpc.clj @@ -6,7 +6,6 @@ (ns app.rpc (:require - [app.common.data :as d] [app.common.exceptions :as ex] [app.common.logging :as l] [app.common.spec :as us] @@ -132,10 +131,13 @@ (fn [result _] (when result (let [resultm (meta result) - profile-id (or (:profile-id params) + profile-id (or (::audit/profile-id resultm) (:profile-id result) - (::audit/profile-id resultm)) - props (d/merge params (::audit/props resultm))] + (:profile-id params)) + props (or (::audit/replace-props resultm) + (-> params + (merge (::audit/props resultm)) + (dissoc :type)))] (audit :cmd :submit :type (or (::audit/type resultm) (::type cfg)) diff --git a/backend/src/app/rpc/mutations/profile.clj b/backend/src/app/rpc/mutations/profile.clj index bd4179edb..e82e59a8c 100644 --- a/backend/src/app/rpc/mutations/profile.clj +++ b/backend/src/app/rpc/mutations/profile.clj @@ -137,7 +137,8 @@ :exp (dt/in-future "48h")} token (tokens :generate params)] - {:token token})) + (with-meta {:token token} + {::audit/profile-id uuid/zero}))) ;; --- MUTATION: Register Profile @@ -175,7 +176,7 @@ resp {:invitation-token token}] (with-meta resp {:transform-response ((:create session) (:id profile)) - ::audit/props (audit/profile->props profile) + ::audit/replace-props (audit/profile->props profile) ::audit/profile-id (:id profile)})) ;; If auth backend is different from "penpot" means user is @@ -184,7 +185,7 @@ (not= "penpot" (:auth-backend profile)) (with-meta (profile/strip-private-attrs profile) {:transform-response ((:create session) (:id profile)) - ::audit/props (audit/profile->props profile) + ::audit/replace-props (audit/profile->props profile) ::audit/profile-id (:id profile)}) ;; If the `:enable-insecure-register` flag is set, we proceed @@ -192,7 +193,7 @@ (true? is-active) (with-meta (profile/strip-private-attrs profile) {:transform-response ((:create session) (:id profile)) - ::audit/props (audit/profile->props profile) + ::audit/replace-props (audit/profile->props profile) ::audit/profile-id (:id profile)}) ;; In all other cases, send a verification email. @@ -214,7 +215,7 @@ :extra-data ptoken}) (with-meta profile - {::audit/props (audit/profile->props profile) + {::audit/replace-props (audit/profile->props profile) ::audit/profile-id (:id profile)})))))) (defn create-profile From 5e2ff2cf6f00a4e43954afd0d54f8115f7dd3a47 Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Thu, 23 Jun 2022 14:15:34 +0200 Subject: [PATCH 2/2] :paperclip: Minor update on telemetry task --- backend/src/app/tasks/telemetry.clj | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/src/app/tasks/telemetry.clj b/backend/src/app/tasks/telemetry.clj index cf45eeeba..db6149b77 100644 --- a/backend/src/app/tasks/telemetry.clj +++ b/backend/src/app/tasks/telemetry.clj @@ -199,6 +199,7 @@ "taiga" (cf/get :telemetry-referer))] (-> {:referer referer + :public-uri (cf/get :public-uri) :total-teams (retrieve-num-teams conn) :total-projects (retrieve-num-projects conn) :total-files (retrieve-num-files conn)